Simple Ways to Determine When to Include Processing Integrity into Your SOC 2 Audit
Processing Integrity Is One Of The Five Trust Service Principles to Help Determine the Scope of Your SOC 2 Audit
Each time you need to schedule a Service Organization Control 2 (SOC 2) audit for one of your service organizations, it is important that you decide which of the five Trust Service Principles you want and/or need to include in the resulting report from your SOC 2 audit.
As a quick refresher, the Trust Service Principles (TSP) are:
- Processing Integrity
The only TSP that is required in any SOC 2 audit is security. The rest of the TSPs—including processing integrity—are optional for inclusion, according to your general focus or specific concerns.
What Is Processing Integrity?
As defined above, processing integrity provides assurance that everything in the audited system is complete, valid, accurate, timely and authorized to fully satisfy the entity’s objectives.
The processing integrity criteria tests associated with the SOC 2 audit set out to reveal that there are no errors in processing. If there are any errors, processing integrity also assures timely correction.
Processing integrity criteria also focus on inputs and outputs to the system, ensuring they are accurate throughout the processing of any actions within the system.
Finally, the criteria involved with processing integrity spotlight the data itself, as far as how it is stored and maintained while under the service organization’s care and responsibility.
Why Is Processing Integrity Important for A SOC 2 Audit?
Any time that a user entity outsources work to a service organization, it is important to know the key points of the service organization’s operations.
It is particularly important to determine that the system itself has the appropriate levels of integrity to protect the user entity’s information, along with knowing that the system—including hardware, software and cloud applications—is completely accurate, valid, timely and properly authorized.
Processing integrity is a vital part of a SOC 2 audit because it helps ensure the service organization is abiding by its agreement, which mandates the operational and technical parameters with which the service organization must comply.
You will know that your service organization is operating with processing integrity if the system performs all of its intended functions in an unimpaired manner, with no unauthorized or inadvertent manipulation.
Why You May Choose to Include Processing Integrity with a SOC 2 Audit
There are a few reasons that a user entity may decide to include processing integrity in a SOC 2 audit, including:
Generally, when things are running smoothly and according to a detailed agreement, user entities have little reason to request this particular TSP. However, it is a highly useful tool to sort out smaller issues before they can grow and become bigger problems, or even catastrophic messes.
Do You Need to Perform A SOC 2 Audit with A Focus on Processing Integrity?
Are you worried about issues related to processing integrity at one of your service organizations? If so, our team at I.S. Partners, LLC. can help you sort things out.
We can sit down with you to look at the issues that have caught your attention to determine whether a processing integrity focus will uncover the underlying problem. If you decide to go forward with a SOC 2 audit and processing integrity review, we can help you get to the bottom of it all, so you can maintain a healthy professional partnership with your service organization.